[15403] in bugtraq


XFree86: xdm xdmcp code in wdm also

daemon@ATHENA.MIT.EDU (Brian Russo)
Tue Jun 20 15:35:20 2000

Message-Id:  <20000620054210.B9364@uhhepr.phys.hawaii.edu>
Date:         Tue, 20 Jun 2000 05:42:10 -1000
Reply-To: Brian Russo <brusso@PHYS.HAWAII.EDU>
From: Brian Russo <brusso@PHYS.HAWAII.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0006192325410.19998-100000@ferret.lmh.ox.ac.uk>;
              from chris@FERRET.LMH.OX.AC.UK on Mon, Jun 19,
              2000 at 11:51:43PM +0100

wdm (wings display manager) - http://www.tcscs.com/wdm/, is basically xdm with WINGs handling the graphical elements.

The bulk of the core code is pulled directly from xdm; indeed, the tarball of version 1.20 I pulled from the above URL included xdm-3.3.2 code in a tarball, although the above URL mentions:

" wdm-1.20 -- Feb 29, 2000
...
corrected by replacing some xdm-3.3.2 code with xdm-3.3.6. I think all the xdm stuff definitely should be udpated [sic] to the latest version. "

The included ChangeLog gives a bit more detail on this.

Regardless, in ./wdm-1.20/xdm/xdmcp.c we find the same code:

    static char buf[256];
    XdmcpHeader header;
    ARRAY8      status;

    sprintf (buf, "Session %d failed for display %s: %s",
             sessionID, name, reason);
    Debug ("Send failed %d %s\n", sessionID, buf);

Due to this direct importation of xdm code, it stands to reason that _any_ bug in xdm core code will probably directly affect wdm in the same way.

Additionally, as it seems WDM releases are not regularly updated with xdm code, wdm may even be worse off than an up-to-date version of xdm.

I do not really fully understand this vulnerability, but I thought you should be aware of it; send flames/comments/corrections/et al.

thanks

 - brian

> Just a minor one this. Discovered during a 5 minute pass of "xdm". I
> subsequently discovered "kdm" has copied the xdm core xdmcp code.
>
> xdmcp.c, send_failed()
>
> [...]
> static char buf[256];
> [...]
>     sprintf (buf, "Session %d failed for display %s: %s",
>              (int)sessionID, name, reason);
> Cheers
> Chris

--
+---------------------------------------------------------------+
| Brian Russo: Professional Slacker  <brusso@phys.hawaii.edu>
| University of Hawai'i at Manoa, Physics Dept.
+------------------------+
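The snippet quoted in this thread is the only xdm/wdm code on the page. The following is an added example, not code from xdm, wdm or either poster: it reproduces the shape of the send_failed() formatting (unbounded sprintf of an XDMCP-supplied display name and reason into a 256-byte static buffer), measures whether a given input would run past that buffer without actually performing the overflow, and places a bounded snprintf replacement beside it. The function names, the 300-byte display name and the message strings are constructed for illustration.

```c
/* Added example: the send_failed() sprintf pattern beside a bounded version.
 * Not xdm/wdm source; function names and inputs are assumptions for illustration. */
#include <stdio.h>
#include <string.h>

#define BUFLEN 256
#define FAIL_FMT "Session %d failed for display %s: %s"

/* The pattern as quoted from xdmcp.c: unbounded sprintf into a 256-byte static
 * buffer. `name` (display name) and `reason` arrive from the XDMCP exchange.
 * Kept to show the shape; only ever called here with short, benign input. */
static char *vuln_format(int sessionID, const char *name, const char *reason)
{
    static char buf[BUFLEN];
    sprintf(buf, FAIL_FMT, sessionID, name, reason);
    return buf;
}

/* Bytes the formatted message needs (excluding the NUL), without writing anything. */
static size_t needed_len(int sessionID, const char *name, const char *reason)
{
    int n = snprintf(NULL, 0, FAIL_FMT, sessionID, name, reason);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if vuln_format() would write past its 256-byte buffer for these inputs. */
static int vuln_would_overflow(int sessionID, const char *name, const char *reason)
{
    return needed_len(sessionID, name, reason) + 1 > BUFLEN;
}

/* Bounded replacement: writes at most buflen-1 bytes plus NUL.
 * Returns 1 if the message had to be truncated, 0 otherwise. */
static int safe_format(char *buf, size_t buflen, int sessionID,
                       const char *name, const char *reason)
{
    int n = snprintf(buf, buflen, FAIL_FMT, sessionID, name, reason);
    return n < 0 || (size_t)n >= buflen;
}

/* Constructed input: a 300-byte display name, well past what 256 bytes can hold. */
static const char *long_display_name(void)
{
    static char name[301];
    memset(name, 'A', 300);
    name[300] = '\0';
    return name;
}

/* Benign input: both formatters must produce the same text. */
static int formats_agree_on_short_input(void)
{
    char buf[BUFLEN];
    safe_format(buf, sizeof buf, 1, "localhost:0", "No valid address");
    return strcmp(buf, vuln_format(1, "localhost:0", "No valid address")) == 0;
}

/* Hostile input through the bounded version: reports truncation and leaves a
 * NUL-terminated 255-byte string instead of running off the end of the buffer. */
static int demo_long_name_is_truncated(void)
{
    char buf[BUFLEN];
    int truncated = safe_format(buf, sizeof buf, 7, long_display_name(), "no reason");
    return truncated && strlen(buf) == BUFLEN - 1;
}

int main(void)
{
    printf("short input would overflow: %d\n",
           vuln_would_overflow(1, "localhost:0", "No valid address"));
    printf("300-byte name would overflow: %d (needs %zu bytes)\n",
           vuln_would_overflow(7, long_display_name(), "no reason"),
           needed_len(7, long_display_name(), "no reason") + 1);
    printf("bounded version truncated safely: %d\n", demo_long_name_is_truncated());
    return 0;
}
```

The point of needed_len() is that the fixed text plus an attacker-chosen display name and reason is all that separates a 58-byte message from a 340-byte write into a 256-byte buffer; snprintf with the real buffer size turns that into a truncated log line instead.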
